IcrediBB Script Injection Vulnerability

IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages.

An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials.


Privacy Statement
Copyright 2010, SecurityFocus